From: Linus Torvalds
Date: Wed, 5 Jul 2017 09:17:59 -0700
Subject: Re: [PATCH] mm: larger stack guard gap, between vmas
To: Ben Hutchings
Cc: Michal Hocko, Willy Tarreau, Hugh Dickins, Oleg Nesterov, "Jason A. Donenfeld", Rik van Riel, Larry Woodman, "Kirill A. Shutemov", Tony Luck, "James E.J. Bottomley", Helge Diller, James Hogan, Laura Abbott, Greg KH, security@kernel.org, Qualys Security Advisory, LKML, Ximin Luo
In-Reply-To: <1499257180.2707.34.camel@decadent.org.uk>
References: <20170619142358.GA32654@1wt.eu> <1498009101.2655.6.camel@decadent.org.uk> <20170621092419.GA22051@dhcp22.suse.cz> <1498042057.2655.8.camel@decadent.org.uk> <1499126133.2707.20.camel@decadent.org.uk> <20170704084122.GC14722@dhcp22.suse.cz> <20170704093538.GF14722@dhcp22.suse.cz> <20170704094728.GB22013@1wt.eu> <20170704104211.GG14722@dhcp22.suse.cz> <20170704113611.GA4732@decadent.org.uk> <1499209315.2707.29.camel@decadent.org.uk> <1499257180.2707.34.camel@decadent.org.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jul 5, 2017 at 5:19 AM, Ben Hutchings wrote:
> On Tue, 2017-07-04 at 16:31 -0700, Linus Torvalds wrote:
>>
>> Can you find out where that is allocated? Perhaps a breakpoint on
>> mmap, with a condition to catch that particular one?
>
> Found it, and it's now clear why only i386 is affected:
> http://hg.openjdk.java.net/jdk8/jdk8/hotspot/file/tip/src/os/linux/vm/os_linux.cpp#l4852
> http://hg.openjdk.java.net/jdk8/jdk8/hotspot/file/tip/src/os_cpu/linux_x86/vm/os_linux_x86.cpp#l881

Thanks, good work.

Well, good work on *your* part. I will try very hard to refrain from
commenting too much on the f*cking stinking pile of sh*t that was
exec-shield.

But yes, I don't think we can sanely recognize this. The code clearly
very intentionally does that mapping under the stack, and it's very
intentionally not PROT_NONE, since it's meant to be both writable and
executable.

As I said earlier (and I see Michal Hocko suggested the same - sudden
email flurry going on here), I think we need to basically allow people
to set the stack gap per-process to something low.

The good news is that this is probably specialized enough that we can
just keep the defaults as "will break this one case, but we give people
the tools to work around it".

I hate doing that, but distros that still support 32-bit (which is
apparently a shrinking number) can maybe hack the libreoffice launch
scripts up?

                Linus
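The situation the thread describes (a process deliberately placing a writable and executable mapping directly below its stack, which then sits inside the enlarged guard gap) can be spotted from user space by reading /proc/<pid>/maps. The script below is an added diagnostic, not code from the thread, the kernel, or OpenJDK: it parses maps-format lines, locates the [stack] VMA, measures the distance to the nearest mapping below it, and reports whether that mapping lies within the guard gap. The 256-page default (1 MiB with 4 KiB pages) is the value the patch under discussion uses for stack_guard_gap; the sample maps text is constructed to model a 32-bit process with such a mapping, and the 4 KiB page size is an assumption for x86.

```python
"""Report mappings that fall inside the stack guard gap of a process.

Added example for the LKML thread on the larger stack guard gap; not code
from the thread, the kernel, or OpenJDK.  Parses /proc/<pid>/maps-style
text, finds the [stack] VMA and the mapping nearest below it, and flags the
latter when it is closer than the guard gap.  On x86 the stack grows
downward, so such a mapping collides with the gap as the stack expands.
"""
import re
import sys

PAGE_SIZE = 4096              # assumed x86 page size
DEFAULT_GUARD_PAGES = 256     # kernel default for stack_guard_gap (1 MiB at 4 KiB pages)

# address range, perms, offset, dev, inode, optional pathname
_MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S{4})"
    r"\s+\S+\s+\S+\s+\S+\s*(?P<path>.*)$"
)


def parse_maps(text):
    """Parse maps text into a sorted list of (start, end, perms, path)."""
    vmas = []
    for line in text.splitlines():
        m = _MAPS_RE.match(line.strip())
        if not m:
            continue   # skip blank or malformed lines rather than failing
        vmas.append((int(m["start"], 16), int(m["end"], 16),
                     m["perms"], m["path"].strip()))
    return sorted(vmas)


def stack_gap_report(text, guard_pages=DEFAULT_GUARD_PAGES, page_size=PAGE_SIZE):
    """Return (gap_bytes, offending_vma).

    gap_bytes is the distance from the end of the nearest lower mapping to
    the low end of [stack]; offending_vma is that mapping when the distance
    is smaller than the guard gap, otherwise None.  Both are None when
    nothing is mapped below the stack.
    """
    vmas = parse_maps(text)
    stack = next((v for v in vmas if v[3] == "[stack]"), None)
    if stack is None:
        raise ValueError("no [stack] mapping found")
    below = [v for v in vmas if v[1] <= stack[0]]
    if not below:
        return None, None
    prev = max(below, key=lambda v: v[1])   # mapping whose end is closest to the stack
    gap = stack[0] - prev[1]
    guard = guard_pages * page_size
    return gap, (prev if gap < guard else None)


# Constructed sample modelled on a 32-bit process: an anonymous rwx mapping
# 64 KiB below the stack (the kind of mapping the thread discusses) plus
# unrelated mappings further away.  Addresses are invented.
SAMPLE_MAPS = """\
08048000-08049000 r-xp 00000000 08:01 1234 /usr/bin/java
b7e00000-b7f00000 r-xp 00000000 08:01 5678 /lib/i386-linux-gnu/libc.so.6
bfe00000-bfe10000 rwxp 00000000 00:00 0
bfe20000-bfe50000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    # Pass a maps file on the command line to check a real process;
    # otherwise the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MAPS
    gap, vma = stack_gap_report(text)
    if gap is None:
        print("nothing mapped below [stack]")
    else:
        print(f"gap below [stack]: {gap:#x} bytes")
        if vma:
            print(f"mapping {vma[0]:#x}-{vma[1]:#x} ({vma[2]}) lies inside the guard gap")
```

Run against /proc/<pid>/maps of a live process to see whether a mapping sits within the gap; lowering guard_pages shows how a smaller per-process gap, as proposed in the thread, would make the same layout acceptable.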